Checks default wp-content dir regardless of detection mode if not found passively

2019-10-10 19:59:09 +01:00
parent d85035d5ef
commit e39a192e8d
7 changed files with 109 additions and 116 deletions
--- a/lib/wpscan/target/platform/wordpress.rb
+++ b/lib/wpscan/target/platform/wordpress.rb
@@ -90,7 +90,7 @@ module WPScan
        def wordpress_hosted?
          return true if /\.wordpress\.com$/i.match?(uri.host)

-          unless content_dir(:passive)
+          unless content_dir
            pattern = %r{https?://s\d\.wp\.com#{WORDPRESS_PATTERN}}i.freeze

            uris_from_page(homepage_res) do |uri|
--- a/lib/wpscan/target/platform/wordpress/custom_directories.rb
+++ b/lib/wpscan/target/platform/wordpress/custom_directories.rb
@@ -13,9 +13,8 @@ module WPScan
          @plugins_dir = dir.chomp('/')
        end

-        # @param [ Symbol ] detection_mode
        # @return [ String ] The wp-content directory
-        def content_dir(detection_mode = :mixed)
+        def content_dir
          unless @content_dir
            # scope_url_pattern is from CMSScanner::Target
            pattern = %r{#{scope_url_pattern}([\w\s\-/]+)\\?/(?:themes|plugins|uploads|cache)\\?/}i
@@ -29,9 +28,7 @@ module WPScan
              return @content_dir = match[1]
            end

-            unless detection_mode == :passive
-              return @content_dir = 'wp-content' if default_content_dir_exists?
-            end
+            return @content_dir = 'wp-content' if default_content_dir_exists?
          end

          @content_dir